Update docker.io/library/postgres Docker tag to v18

only allow sops encryption of *.sops.* files
2026-03-06 19:31:00 +00:00 · 2026-03-06 20:21:33 +01:00
7 changed files with 36 additions and 36 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -43,170 +43,170 @@ keys:
 creation_rules:
  ## group vars
-  - path_regex: inventories/chaosknoten/group_vars/all.*
+  - path_regex: "inventories/chaosknoten/group_vars/.+\\.sops\\..+"
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          *host_chaosknoten_age_keys
-  - path_regex: inventories/external/group_vars/all.*
+  - path_regex: "inventories/external/group_vars/.+\\.sops\\..+"
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          *host_external_age_keys
-  - path_regex: inventories/z9/group_vars/all.*
+  - path_regex: "inventories/z9/group_vars/.+\\.sops\\..+"
    key_groups:
      - pgp:
          *admin_gpg_keys
  ## host vars
  # chaosknoten hosts
-  - path_regex: inventories/chaosknoten/host_vars/acmedns.*
+  - path_regex: "inventories/chaosknoten/host_vars/acmedns\\.sops\\..+"
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_acmedns_ansible_pull_age_key
-  - path_regex: inventories/chaosknoten/host_vars/cloud.*
+  - path_regex: "inventories/chaosknoten/host_vars/cloud\\.sops\\..+"
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_cloud_ansible_pull_age_key
-  - path_regex: inventories/chaosknoten/host_vars/keycloak.*
+  - path_regex: "inventories/chaosknoten/host_vars/keycloak\\.sops\\..+"
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_keycloak_ansible_pull_age_key
-  - path_regex: inventories/chaosknoten/host_vars/grafana.*
+  - path_regex: "inventories/chaosknoten/host_vars/grafana\\.sops\\..+"
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_grafana_ansible_pull_age_key
-  - path_regex: inventories/chaosknoten/host_vars/pad.*
+  - path_regex: "inventories/chaosknoten/host_vars/pad\\.sops\\..+"
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_pad_ansible_pull_age_key
-  - path_regex: inventories/chaosknoten/host_vars/ccchoir.*
+  - path_regex: "inventories/chaosknoten/host_vars/ccchoir\\.sops\\..+"
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_ccchoir_ansible_pull_age_key
-  - path_regex: inventories/chaosknoten/host_vars/pretalx.*
+  - path_regex: "inventories/chaosknoten/host_vars/pretalx\\.sops\\..+"
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_pretalx_ansible_pull_age_key
-  - path_regex: inventories/chaosknoten/host_vars/netbox.*
+  - path_regex: "inventories/chaosknoten/host_vars/netbox\\.sops\\..+"
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_netbox_ansible_pull_age_key
-  - path_regex: inventories/chaosknoten/host_vars/tickets.*
+  - path_regex: "inventories/chaosknoten/host_vars/tickets\\.sops\\..+"
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_tickets_ansible_pull_age_key
-  - path_regex: inventories/chaosknoten/host_vars/onlyoffice.*
+  - path_regex: "inventories/chaosknoten/host_vars/onlyoffice\\.sops\\..+"
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_onlyoffice_ansible_pull_age_key
-  - path_regex: inventories/chaosknoten/host_vars/zammad.*
+  - path_regex: "inventories/chaosknoten/host_vars/zammad\\.sops\\..+"
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_zammad_ansible_pull_age_key
-  - path_regex: inventories/chaosknoten/host_vars/ntfy.*
+  - path_regex: "inventories/chaosknoten/host_vars/ntfy\\.sops\\..+"
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_ntfy_ansible_pull_age_key
-  - path_regex: inventories/chaosknoten/host_vars/eh22-wiki.*
+  - path_regex: "inventories/chaosknoten/host_vars/eh22-wiki\\.sops\\..+"
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_eh22_wiki_ansible_pull_age_key
-  - path_regex: inventories/chaosknoten/host_vars/sunders.*
+  - path_regex: "inventories/chaosknoten/host_vars/sunders\\.sops\\..+"
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_sunders_ansible_pull_age_key
-  - path_regex: inventories/chaosknoten/host_vars/wiki.*
+  - path_regex: "inventories/chaosknoten/host_vars/wiki\\.sops\\..+"
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_wiki_ansible_pull_age_key
-  - path_regex: inventories/chaosknoten/host_vars/renovate.*
+  - path_regex: "inventories/chaosknoten/host_vars/renovate\\.sops\\..+"
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_renovate_ansible_pull_age_key
-  - path_regex: inventories/chaosknoten/host_vars/lists.*
+  - path_regex: "inventories/chaosknoten/host_vars/lists\\.sops\\..+"
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_lists_ansible_pull_age_key
-  - path_regex: inventories/chaosknoten/host_vars/mumble.*
+  - path_regex: "inventories/chaosknoten/host_vars/mumble\\.sops\\..+"
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_mumble_ansible_pull_age_key
-  - path_regex: inventories/chaosknoten/host_vars/public-reverse-proxy.*
+  - path_regex: "inventories/chaosknoten/host_vars/public-reverse-proxy\\.sops\\..+"
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_public_reverse_proxy_ansible_pull_age_key
-  - path_regex: inventories/chaosknoten/host_vars/spaceapiccc.*
+  - path_regex: "inventories/chaosknoten/host_vars/spaceapiccc\\.sops\\..+"
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_spaceapiccc_ansible_pull_age_key
-  - path_regex: inventories/chaosknoten/host_vars/mjolnir.*
+  - path_regex: "inventories/chaosknoten/host_vars/mjolnir\\.sops\\..+"
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_mjolnir_ansible_pull_age_key
  # external hosts
-  - path_regex: inventories/external/host_vars/status.*
+  - path_regex: "inventories/external/host_vars/status\\.sops\\..+"
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_status_ansible_pull_age_key
  # z9 hosts
-  - path_regex: inventories/z9/host_vars/dooris.*
+  - path_regex: "inventories/z9/host_vars/dooris\\.sops\\..+"
    key_groups:
      - pgp:
          *admin_gpg_keys
-  - path_regex: inventories/z9/host_vars/yate.*
+  - path_regex: "inventories/z9/host_vars/yate\\.sops\\..+"
    key_groups:
      - pgp:
          *admin_gpg_keys
  # general
-  - key_groups:
+  - path_regex: ".+\\.sops\\..+"
-      - pgp:
+    key_groups:
-          *admin_gpg_keys
+      - pgp: *admin_gpg_keys
 stores:
  yaml:
--- a/inventories/chaosknoten/host_vars/cloud.yaml
+++ b/inventories/chaosknoten/host_vars/cloud.yaml
@ -1,7 +1,7 @@
 # renovate: datasource=docker depName=git.hamburg.ccc.de/ccchh/oci-images/nextcloud
 nextcloud__version: 32
 # renovate: datasource=docker depName=docker.io/library/postgres
-nextcloud__postgres_version: 15.15
+nextcloud__postgres_version: 18.3
 nextcloud__fqdn: cloud.hamburg.ccc.de
 nextcloud__data_dir: /data/nextcloud
 nextcloud__extra_configuration: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2') }}"
--- a/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/keycloak/docker_compose/compose.yaml.j2
@ -46,7 +46,7 @@ services:
      - "8080:8080"
  db:
-    image: docker.io/library/postgres:15.15
+    image: docker.io/library/postgres:18.3
    restart: unless-stopped
    networks:
      - keycloak
--- a/resources/chaosknoten/lists/docker_compose/compose.yaml
+++ b/resources/chaosknoten/lists/docker_compose/compose.yaml
@ -58,7 +58,7 @@ services:
      - POSTGRES_DB=mailmandb
      - POSTGRES_USER=mailman
      - POSTGRES_PASSWORD=wvQjbMRnwFuxGEPz
-    image: docker.io/library/postgres:12-alpine
+    image: docker.io/library/postgres:18-alpine
    volumes:
      - /opt/mailman/database:/var/lib/postgresql/data
    networks:
--- a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
@ -3,7 +3,7 @@
 services:
  database:
-    image: docker.io/library/postgres:15-alpine
+    image: docker.io/library/postgres:18-alpine
    environment:
      - "POSTGRES_USER=hedgedoc"
      - "POSTGRES_PASSWORD={{ secret__hedgedoc_db_password }}"
--- a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
@ -3,7 +3,7 @@
 services:
  database:
-    image: docker.io/library/postgres:15-alpine
+    image: docker.io/library/postgres:18-alpine
    environment:
      - "POSTGRES_USER=pretalx"
      - "POSTGRES_PASSWORD={{ secret__pretalx_db_password }}"
--- a/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/tickets/docker_compose/compose.yaml.j2
@ -1,7 +1,7 @@
 ---
 services:
  database:
-    image: docker.io/library/postgres:15-alpine
+    image: docker.io/library/postgres:18-alpine
    environment:
      - "POSTGRES_USER=pretix"
      - "POSTGRES_PASSWORD={{ secret__pretix_db_password }}"
Author	SHA1	Message	Date
Renovate	c47f7eeee2	Update docker.io/library/postgres Docker tag to v18 All checks were successful / Ansible Lint (push) Successful in 2m37s Details / Ansible Lint (pull_request) Successful in 2m52s Details	2026-03-06 19:31:00 +00:00
lilly	0788fde69d	only allow sops encryption of .sops. files All checks were successful / Ansible Lint (pull_request) Successful in 2m31s Details / Ansible Lint (push) Successful in 13m55s Details	2026-03-06 20:21:33 +01:00